Russ Housley wrote:
>
> Massimiliano:
>
> I do not think that we should do anything to encourage CAs to suspend
> certificates. This feature adds significant complexity to the whole
> system, and we should discourage its use.
>
> Russ
>

You are right in saying that adding complexity should be discouraged; by the way, I suggested them because we need something like that (I am from the OpenCA project). Let me explain in more detail why I think something similar could come in handy.

The CSLs, let's call them CSLs to distinguish them from CRLs, make sense in environments where there is a time gap between the 'request for cert revoking' by the user and the effective revoking by the CA: this is obvious if you consider structures where the main CA computer is disconnected from any network.

Would you allow a certificate to be used when a user says it could have been compromised? You cannot say it is revoked either, because it is not (CRLs do not report it), and there is no way to verify it till the new CRL is issued.

With some instrument like the proposed CSLs (that is only a proposal, I am not saying it is the best or the only solution to the problem, I am obviously open to EVERY comment... :-D and hopefully to some better solutions) you can say that, from the moment the user signals a danger, the usage of the certificate is compromised and that the certificate itself is to be considered in a 'frozen' state.

Am I completely off target? What do you think about this problem?

Thanks for the comments you sent.

C'you,

Massimiliano Pala (madwolf@openca.org)